#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Time : 2024/2/2 20:56
# @Author : Yoin

import pymysql

while True:
    username = input("用户名：")
    if username.upper() == 'Q':
        break
    password = input("密码：")
    mobile = input("手机号码：")
    # 1.连接mysql
    # 1.1建立连接
    conn = pymysql.connect(host="127.0.0.1", port=3306, user="root", password="root", charset="utf8", db="db1")
    # 1.2 创建与数据库传送接收数据的介质
    cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)

    # 2.发送指令
    # 2.1生成指令
    # 2.1.1
    # sql = "insert into admin(username,password,mobile) values('殷琪尧','123','15666415212')"
    # !!! 不能用"f{}"和"{}{}".format 来做sql语句的拼接，安全隐患sql注入
    # 正确方法
    # 2.1.2
    sql = "insert into admin(username,password,mobile) values(%s,%s,%s)"
    cursor.execute(sql, [username, password, mobile])
    # 2.1.3 给传进去的参数起名字，以字典进行赋值
    # sql = "insert into admin(username,password,mobile) values(%(n1)s,%(n2)s,%(n3)s)"
    # cursor.execute(sql, {'n1': '大王', 'n2': '123456', 'n3': '15666666666'})

    # 2.2提交指令到数据库
    conn.commit()

    # 3.关闭连接
    cursor.close()
    conn.close()
    print("添加成功！")
